Incorrect Permission Preservation in Trend Micro Apex One and OfficeScan Products
CVE-2021-32465

8.8HIGH

Key Information:

Vendor

Trend Micro
Status
Trend Micro Apex One
Trend Micro Officescan
Vendor
CVE Published:
4 August 2021

What is CVE-2021-32465?

In Trend Micro's Apex One, Apex One as a Service, and OfficeScan XG SP1, a vulnerability exists due to incorrect permission preservation. This flaw could allow remote attackers to bypass authentication on affected installations. However, it requires prior execution of low-privileged code on the target system, opening a potential avenue for exploitation. Organizations utilizing these products should review their security posture to mitigate the risks associated with this vulnerability.

Affected Version(s)

Trend Micro Apex One 2019, SaaS

Trend Micro OfficeScan XG SP1

References

https://success.trendmicro.com/solution/000287819
x_refsource_MISC
https://success.trendmicro.com/jp/solution/000287796
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-911/
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.